So I’ve got an SG2100 which apparently can’t support a solid gigabit internet connection with packages installed? I know that’s vague but I never gave much thought to this, thinking the SG2100 was more or less overkill for a home network - but is it?
I’m also getting ready to get gigabit at my office as well so this is a consideration there too.
I’ve heard the UB ER-4 is a solid performer in this category but should I swap out for that? I could get SG3100’s as well, but I’ve also the option to just build a machine for pfsense.
I’m suddenly feeling like I got caught off guard. FiOS ships out their router to you, and I wonder what is under its hood? I’m not going to use their equipment but I’m looking for suggestions for mine.
I may end up running some sort of IDS/IPS system at the office, not sure. This is all dependent on what I learn here. Thanks!
The ER-4 is not the same because there are not any threat protection packages to load on it to compare it to the pfsense. The SG3100 is a good choice that we deploy for a lot of small business. Doing a self build works as well.
1 Like
Thanks for that clarification, Tom. I Was looking at the SG3100 specs and it seems like even a 5th or 6th gen i5 would blow that out of the water. Is their engineering based around making sure it’s quiet and such? I’ve got dozens of computers laying around but it does seem sort of clunky having a mid tower case as your router lol.
For $400 I may as well go the 3100 route. Tell me, any real reason to jump up to the next model, long as I’m already spending several hundred dollars? That FiOS gigabit router must be awful beefy internally.
Thanks for your thoughts! Also, do you think SFP from firewall/router to switch is a nice-to-have? Netgate hardware seems well-made and I wonder why it doesn’t include an SFP port.
The SG-3100 is passively cooled and hardly uses any power so it’s a nice piece of hardware.
Hey Tom, so I just got off the phone with Netgate sales and if I choose one of their machines I think I’d like to future-proof myself a bit and would just go for the 6100.
If we put aside noise level and power consumption, strictly considering performance: For $350 I can get an Optiplex 9020 with an i7, 16GB DDR4 and throw in an intel dual NIC. Do you dislike this idea in the interest of saving money? Why, why not?
This is going to replace my 2100 at home. I’ve got symmetrical 1000Mbs FiOS coming through ethernet directly to my pfSense box, then off to a switch. I run HAproxy and pfblockerNG and we’ve got about a dozen, maybe 15 devices running off that.
We prefer the Netgate devices, but if you want to build it your self go ahead. FYI pfsense plus is what comes with their hardware and pfsense community edition is what you can load on your own.
You can certainly build your own more powerful version of pfSense but here are a couple of things to consider.
- Power draw. Like Tom said, the negate devices are designed specifically as a firewall so they are a lot more efficient power wise. There are other semi similar devices that are equally as efficient and not as expensive as a Negate device (see Toms’ reviews of Protectli devices).
- Better support. Yes, you can pay for premium support but I’ve bought a few negate devices, one of which was problematic. It was returned and replaced without question. I only had to pay for the shipping costs.
I’m no eco warrior but it’s definitely better for the environment if you are running something that is uses energy more efficiently.
For my clients, sure, I could roll my own but you find out fairly quickly that the buck stops with you if something goes wrong. That’s why I spend a bit more and get a better (less of a headache) solution.
1 Like
IMHO, i would just give it a go with 2100 if the ONT hands off ethernet. If budget really allows the 6100 great option but also don’t rule out the 5100 which is our sweet spot in business setups. We do use Netgate at clients, but i run a small older i5/8GB/128GB SSD at home, it draws about 30-40W. Supply of Netgate in UK is pretty limited so building out boxes is more prevalent.
I ended up virtualizing pfSense on one of my servers for the time being until I can make up my mind. Ultimately I’m going to buy another netgate machine if for no other reason than to support the project. For now though, I’m getting 960Mbs almost symmetrical running this as a proxmox VM.
For the information of those who may be interested, I was officially getting 650Mbs through the 2100 running pfblocker but NOT any other services.
The SG-3100 is able to maintain gigabit speed on a single stream without any overhead like IPS/IDS/AV/etc. As soon as you will start to add some protections, the speed will start to go down as the cpu isn’t fast enough and pfSense doesn’t multithread traffic inspection and there is no hardware acceleration (ASIC) dedicated to that. I would go with with the new SG-6100 if I wanted to maximize my 1Gbps Internet speed as the cpu is faster as well as the rest of the device.